The demise of Adobe Flash

Long live Flash

It’s time for another Enterprise Dish, which Brad and Aaron begin with an oft-repeated, but now very real announcement: Flash is dead! Long live Flash: the Adobe plug-in that won the late ’90s/early ’00s internet with animations, prototypical viral memes, and shock sites to chill your bones. This technology was how rapid-fire imagery was blasted into the eyeballs of millennial internet users before YouTube arrived, and it contained all of the good and ill that existed on the internet then and since.

Before I bury Flash, let me praise it, because it was also the repository and instrument for a great deal of popular culture. There were the games and memes and browser animations, many of which are currently being preserved by the dutiful folks at the Internet Archive. There was also the 2009 Academy Award-winning animated film The Secret of Kells, and popular animated series such as My Little Pony: Friendship is Magic, Metalocalypse, and Clone High (an early work from animation masters Phil Lord and Christopher Miller). The world is richer because Flash existed.

A vulnerability victim

But the world also loved finding holes in it. It’s tempting to describe this plug-in as a victim of its own success, but this would be overly charitable in my view, as its record of poor security (even after being acquired by Adobe) attracted ample criticism as the CVE entries piled up, and its demise is long overdue.

In 2015, a meta-analysis by Recorded Future reported that 8 of the top 10 vulnerabilities being used in exploit kits for sale in illicit forums and being actively used in cyberattacks targeted Adobe Flash. #3 and #5 on that list were from of the leaked zero day arsenal of HackingTeam, a Milan-based former IT security company which sold its spyware and services to governments around the world (many of which had dubious human rights records) as a means of spying on their citizens, and eventually had its license to sell spyware outside of the EU suspended by the Italian government.

This is an important detail in the story of Flash because it not only illustrates its ubiquity and criticality to the internet for a period of decades, but it illustrates how useful it has been for criminals and governments alike who want to take an illicit peek into private data.

The final days of Adobe Flash

Like many Web 2.0 technologies, Flash made everything easier – creatively and destructively. And as with many of those technologies, it was too full of holes to keep being used. Smartphone makers moved on, support for HTML5 and other technologies expanded, and PCs would eventually follow suit. Flash reached end-of-life from Adobe on December 31, 2020, and as Brad noted last month, Microsoft quietly announced that Flash would be removed from Windows (client and server) in July. The newly released Windows 10 Version 21H1 does not include Flash, and there is already a Windows Update available for other versions of Windows to remove it.

Onward from the has-been of Adobe Flash to the never-was of Windows 10X, which is not shipping in 2021 after all. Brad and Aaron previously discussed this OS (and used a whole different set of car metaphors to describe it!), and I joined them in expressing a bit of confusion as to its novelty and intended use case. Especially as it seemed set to follow its predecessors down a rabbit hole of “Let’s redesign the OS and introduce a bunch of odd new form factors nobody asked for.” And we’ve discussed that quite enough for now.

Sun Valley updates

We still have plenty of hype leftover for Sun Valley (the codename for Windows 10 21H2) and its upcoming Windows UI refresh, which will (among other things) finally do away with the Windows 95-era icons that currently live in C:\Windows\System32\shell32.dll, and are accessible anytime you engage in the decidedly old-fashioned activity of manually changing a desktop icon.

I’m pleased to see that the Save icon (based on the appearance of a 3.5″ floppy disk) is sticking around – just being refreshed to a slightly more modern and vector-based version of a technology that has long since departed from consumer use, but which was used as recently as 2020 to update the avionics software in the now-retired Boeing 747-400 fleet. Because, as Aaron mentions, there’s always room for a large enterprise to keep spending lavishly so that a hardware or software maker will continue to support some obscure component of their workflow, especially when the alternative – rebuilding everything from scratch using modern components – would cost a great deal more.

That’s all for this month!